The cyber domain is unique in that low barriers to entry contribute to the diffusion of power. It is cheaper and quicker to send signals through cyberspace around the globe than move large ships across oceans.
The costs of developing multiple-carrier task forces and submarine fleets create enormous barriers to entry and make it possible to speak of NATO’s naval dominance. In contrast, the barriers to entry in the cyber domain are so low that non-state actors and small states can play significant roles at relatively little cost.
While a few states, like the United States, Russia, Britain, France, and China have a greater capacity than others, it makes little sense to speak of dominance in cyber space as in the case of naval or air power. If anything, dependence on complex cyber systems for support of military and economic activities creates new vulnerabilities in large states – ones that can be exploited by other states and non state actors.
If one treats most amateur hacktivism as mostly a nuisance, there are four major categories of cyber threats to national security, each with a different time horizon and with different (in principle) solutions: cyber war and economic espionage are largely associated with states, and cyber crime and cyber terrorism are mostly associated with non-state actors.
At present, the highest costs come from the espionage and crime, but over the next decade or so, war and terrorism may become greater threats. Moreover, as alliances and tactics evolve among different actors, the categories may increasingly overlap.